Details of VAR-201912-1171

ID

VAR-201912-1171

CVE

CVE-2019-11995

TITLE

HPE UIoT Information Disclosure Vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-013871 // CNNVD: CNNVD-201912-864

DESCRIPTION

Security vulnerabilities in HPE UIoT version 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT: For customers with release UIoT 1.2.4.2 fixes are made available with 1.2.4.2 RP3 HF1. For customers with release older than 1.2.4.2, such as 1.2.4.1, 1.2.4.0, the resolution will be to upgrade to 1.2.4.2 RP3 HF1 Customers are requested to upgrade to the updated versions or contact HPE support for further assistance. HPE UIoT Contains an information disclosure vulnerability.Information may be obtained. HPE UIoT is a universal IoT platform from Hewlett Packard Enterprise (HPE). The platform has functions such as data analysis, currency security and synchronization management

Trust: 2.7

sources: NVD: CVE-2019-11995 // JVNDB: JVNDB-2019-013871 // CNVD: CNVD-2020-02588 // CNNVD: CNNVD-201912-864

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-02588

AFFECTED PRODUCTS

vendor:	hp	model:	universal internet of things	scope:	eq	version:	1.2.4.0	Trust: 1.0
vendor:	hp	model:	universal internet of things	scope:	eq	version:	1.2.4.1	Trust: 1.0
vendor:	hp	model:	universal internet of things	scope:	eq	version:	1.2.4.2	Trust: 1.0
vendor:	hewlett packard	model:	hpe uiot	scope:	eq	version:	1.2.4.0	Trust: 0.8
vendor:	hewlett packard	model:	hpe uiot	scope:	eq	version:	1.2.4.1	Trust: 0.8
vendor:	hewlett packard	model:	hpe uiot	scope:	eq	version:	1.2.4.2	Trust: 0.8
vendor:	hpe	model:	uiot	scope:	eq	version:	1.2.4.2	Trust: 0.6

sources: CNVD: CNVD-2020-02588 // JVNDB: JVNDB-2019-013871 // NVD: CVE-2019-11995

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-11995
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-11995
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-02588
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201912-864
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-11995
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-02588
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-11995
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-11995
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-02588 // JVNDB: JVNDB-2019-013871 // CNNVD: CNNVD-201912-864 // NVD: CVE-2019-11995

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-200	Trust: 0.8

sources: JVNDB: JVNDB-2019-013871 // NVD: CVE-2019-11995

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-864

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201912-864

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013871

PATCH

title:	hpesbhf03954en_us	url:	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03954en_us	Trust: 0.8
title:	Patch for HPE UIoT Unauthorized Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/197413	Trust: 0.6
title:	HPE UIoT Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106544	Trust: 0.6

sources: CNVD: CNVD-2020-02588 // JVNDB: JVNDB-2019-013871 // CNNVD: CNNVD-201912-864

EXTERNAL IDS

db:	NVD	id:	CVE-2019-11995	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-013871	Trust: 0.8
db:	CNVD	id:	CNVD-2020-02588	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-864	Trust: 0.6

sources: CNVD: CNVD-2020-02588 // JVNDB: JVNDB-2019-013871 // CNNVD: CNNVD-201912-864 // NVD: CVE-2019-11995

REFERENCES

url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03954en_us	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11995	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11995	Trust: 0.8

sources: CNVD: CNVD-2020-02588 // JVNDB: JVNDB-2019-013871 // CNNVD: CNNVD-201912-864 // NVD: CVE-2019-11995

SOURCES

db:	CNVD	id:	CNVD-2020-02588
db:	JVNDB	id:	JVNDB-2019-013871
db:	CNNVD	id:	CNNVD-201912-864
db:	NVD	id:	CVE-2019-11995

LAST UPDATE DATE

2024-11-23T22:48:11.029000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-02588	date:	2020-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-013871	date:	2020-01-20T00:00:00
db:	CNNVD	id:	CNNVD-201912-864	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-11995	date:	2024-11-21T04:22:07.717

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-02588	date:	2020-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-013871	date:	2020-01-20T00:00:00
db:	CNNVD	id:	CNNVD-201912-864	date:	2019-12-18T00:00:00
db:	NVD	id:	CVE-2019-11995	date:	2019-12-18T20:15:16.103